> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Behalf Of Craig Jackson > Sent: Friday, September 29, 2006 3:57 PM > To: [email protected] > Subject: [Samba] Sync unix and samba passwords > > > Hi, > > We have an Exchange server (server 2003) that is a domain > controller and > a few Samba file servers that are not part of the Windows domain. The > Samba servers use their own LDAP directory ( ldapsam backend with > pam_ldap ) that is synchronized to one openldap directory > server but is > not synchronized to the Windows domain AD. The workstations are all > local accounts and not members of any domain either. I am happy with > this arrangement despite having to enter user information twice and > would rather not change it. > > Goal: I would like to use Services for Unix on the Windows AD > controller > to synchronize linux passwords so that the end user has to change > password once for email/Samba and once for local computer. > > Problem: When Linux administrator issues the passwd command as in # > passwd <username> the ldap userPassword attribute is changed correctly > but the Samba NT/LM passwords are not also changed. > > What I have already done: Googled the issue and found that unix passwd > sync in smb.conf is not what I need. Ldap passwd sync = yes is in > smb.conf. I have found some info on pam_smbpass.so but do not have > enough information to know if this is what I need and how to use it. > > Or can someone tell me if this will not work at all. Better ideas? > > Thanks! > Craig > --
Samba docs say that pam_smbpass.so is in fact what I need and I have added the following line to /etc/pam.d/common-passwd password required pam_smbpass.so nullok use_authtok try_first_pass But #passwd <user> doesn't sync the LDAP NT/LM passwords and there is this in the log: CRON[18769]: PAM adding faulty module: /lib/security/pam_smbpass.so According to Samba docs, pam_smbpass.so is used to keep the smbpasswd (Samba password) database in sync, but does that really mean ONLY smbpasswd or any Samba backend? Thanks. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
